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DETAILED ACTION 

1. This office action is in response to the amendment filed August 16, 2005. Claims 1-32 
are presented for examination. 

2. The text of those sections of Title 35, U.S. code not included in this office action can be 
found in a prior office action. 



Claim Rejections ~ 35 USC § 103 
3. Claims 1-3, 9-11, and 25-32 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Cota-Robles et al. (US 2002/0143842) (hereinafter Cota-Robles). 



4. As per claim 1, Cota-Robles teaches the invention as claimed, including a method for 
controlling input/output [I/O] operations of a user's computer comprising the following steps: 

implementing the user's computer as a virtual machine [VM] (paragraphs 0019-0020); 

including an interface software component between the VM and a physical computer 
system that includes at least one device (paragraphs 0019-0020); 

in the interface software component: 

sensing a request for an I/O operation between the VM and the device (paragraphs 

0027, 0029, 0042, 0047); 
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performing a transformation of I/O data passing between the VM and the device 
(paragraphs 0015, 0027, 0047), said transformation being adjunct to necessary 
completion of the request, as issued, for the I/O operations (paragraph 0027, "the soft 
device driver... performs zero or more transformations on data received from guest OS", 
"the soft device driver... performs zero or more transformations on data directly 
transferred to system memory") (emphasis added); 

the transformation of the I/O data thereby being undefeatable by any user action via the 
VM (paragraphs 0025, 0027, 0029, 0047). 

5. It is hereby noted that Examiner has removed Mueller as a supporting reference, as 
further consideration of Cota-Robles has revealed that the teaching of transformations being 
adjunct, i.e. optional or not required, is actually supported by Cota-Robles. In that regard, the 
inclusion of Mueller in the previous rejection was erroneous, and is hereby remedied by the new 
grounds of rejection. 

Applicant has argued that the transformations performed by Cota-Robles are actually 
necessary for proper completion of input/output operations. Upon reconsideration of the 
reference, Examiner respectfully disagrees. The above-cited passage of Cota-Robles clearly 
demonstrates that there are to be " zero or more" transformations, which implies that the 
transformations may be wholly unnecessary. In this regard, it is arguable that Cota-Robles 
inherently teaches the transformations being adjunct to necessary completion of the I/O 
operations. At worst, it would have been obvious to one of ordinary skill in the art that Cota- 
Robles suggests transformations may not be necessary, as "zero" transformations would indicate 
that no transformations are necessary for proper completion of the input/output operations. 
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6. As per claim 2, Mueller teaches the invention as claimed, including a method as in claim 
1, in which: 

the device is a display (paragraph 0015); 

the I/O data is VM display data output from the VM and intended for display (paragraphs 
0015, 0027, 0029, 0042, 0047); and 

the transformation is a replacement of at least a portion of the VM display data with non- 
defeatable display data stored external to the VM (paragraphs 0015, 0027, 0047); 

further including the step of displaying the VM display data with the non-defeatable 
display data overlaid (paragraphs 0015, 0025, 0027, 0029, 0047). 

7. As per claim 3, Cota-Robles teaches the invention as claimed, including a method as in 
claim 1, further including the following steps: 

filtering the I/O data with respect to at least one filtering condition (paragraphs 0027, 
0029, 0042, 0047); and 

performing the transformation of the I/O data only when the filtering condition is met 
(paragraphs 0027, 0029, 0042, 0047). 

8. As per claim 9, Cota-Robles teaches the invention as claimed, including a method as in 
claim 1, in which the transformation comprises insertion into the I/O data of a source indication 
associated with the VM (paragraphs 0027, 0029, 0042, 0047). 
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9. As per claim 10, Cota-Robles teaches the invention as claimed, including a method as in 
claim 1, in which the transformation is time-varying (paragraphs 0015, 0023). 

10. As per claim 11, Cota-Robles teaches the invention as claimed, including a method as in 
claim 1, in which the device is a network connection device (paragraphs 0015, 0023). 

11. As per claim 25, Cota-Robles teaches the invention as claimed, including a method as in 
claim 1, in which: 

the VM supports a plurality of I/O modes (paragraphs 0015, 0023); 

the step of filtering is performed on I/O data corresponding to a first one of the plurality 
of I/O modes (paragraphs 0027, 0029, 0042, 0047); and 

the transformation is applied to I/O data in a second one of the I/O modes when the I/O 
data in the first I/O mode satisfies a transformation-triggering criterion (paragraphs 0015, 0027, 
0029, 0042, 0047). 

12. As per claim 26, Cota-Robles teaches the invention as claimed, including a method as in 
claim 25, in which the I/O modes include a video mode and an audio mode (paragraphs 0015, 
0023). 

13. As per claim 27, Cota-Robles teaches the invention as claimed, including a method for 
controlling input/output (I/O) of a user's computer comprising the following steps: 

implementing the user's computer as a virtual machine [VM] (paragraphs 0019-0020); 
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including an interface software component between the VM and a physical computer 
system that includes at least one device that carries out an I/O operation on the basis of device 
control data (paragraphs 0019-0020, 0027, 0029, 0042, 0047); 

storing the device control data associated with the VM in a buffer (paragraphs 0019- 
0020, 0027, 0029, 0042, 0047); 

upon sensing a transformation command from an administrative system external to the 
VM, entering replacement data into at least a portion of the buffer (paragraphs 0027, 0029, 0042, 
0047), said replacement data being entered as a processing step that is adjunct to the necessary 
completion of the I/O operation (paragraph 0027, "the soft device driver. . .performs zero or more 
transformations on data received from guest OS", "the soft device driver. . .performs zero or more 
transformations on data directly transferred to system memory") (emphasis added); 

the entry of the replacement data thereby being undefeatable by any user action via the 
VM (paragraphs 0025, 0027, 0029, 0047). 

14. As per claim 28, Cota-Robles teaches the invention as claimed, including a system for 
controlling input/output [I/O] operations of a user's computer, comprising: 

a virtual machine [VM] constituting the user's computer (paragraphs 0019-0020); 

an interface software component between the VM and a physical computer system that 
includes at least one device (paragraphs 0019-0020); 

the interface software component including computer-executable code: 

for sensing a request for an I/O operation between the VM and the device 

(paragraphs 0027, 0029, 0042, 0047); and 
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for performing a transformation of I/O data passing between the VM and the 
device (paragraphs 0015, 0027, 0047), said transformation being adjunct to necessary 
completion of the request, as issued, for the I/O operation (paragraph 0027, "the soft 
device driver... performs zero or more transformations on data received from guest OS", 
"the soft device driver... performs zero or more transformations on data directly 
transferred to system memory") (emphasis added); 

the transformation of the I/O data thereby being undefeatable by any user action via the 
VM (paragraphs 0025, 0027, 0029, 0047). 

15. As per claim 29, Cota-Robles teaches the invention as claimed, including a system as in 
claim 28, in which the device is a display and the I/O data is VM display data (paragraph 0015). 

16. As per claim 30, Cota-Robles teaches the invention as claimed, including a system as in 
claim 29, further comprising: 

a display buffer within the VMM for storing the VM display data that is output from the 
VM and is intended for display (paragraph 0015, 0027, 0029, 0042, 0047); and 

a transformation software module comprising computer-executable code within the 
interface software component for replacing at least a portion of the VM display data stored in the 
display buffer with non-defeatable display data (paragraph 0015, 0027, 0029, 0042, 0047); 

in which the display is provided for displaying the contents of the display buffer 
(paragraphs 0015, 0023, 0027, 0042, 0047). 



Application/Control Number: 09/844,58 1 Page 8 

Art Unit: 2195 

17. As per claim 31, Cota-Robles teaches the invention as claimed, including a system as in 
claim 28, in which the device is a data storage device (paragraphs 0015, 0023). 

18. As per claim 32, Cota-Robles teaches the invention as claimed, including a system as in 
claim 28, in which the device is a network connection device (paragraphs 0015, 0023). 

19. Claims 4-5, 8, and 21-24 are rejected under 35 ILS.C. 103(a) as being unpatentable 
over Cota-Robles in view of O'Neil et al. (USPN 5,987,440) (hereinafter O'Neil). 

20. As per claim 4, O'Neil teaches the invention as claimed, including a method as in claim 
3, in which the filtering condition is that the I/O data includes at least one restricted term 
(Abstract, col. 56 lines 5-40; col. 57 line 60 - col. 58 line 63). 

21 . It would have been obvious to one of ordinary skill in the art to combine Cota-Robles and 
O'Neil since Cota-Robles, while presenting a method of representing a processing device in a 
virtual machine to control input and output, does not present specific types of input/output 
devices, or how certain features therein would be implemented. Modern computing is embodied 
within a networked environment to the point where it is nearly commonplace. With this advent 
in computing, protecting the integrity of data is of utmost importance. O'Neil provides a method 
of protecting information security within a virtual private network, or other type of network, such 
that personal data or other sensitive data can be trusted and more securely transferred. 
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22. As per claim 5, O'Neil teaches the invention as claimed, including a method as in which 
the filtering condition is that the I/O data is from a restricted source (Abstract, col. 56 lines 5-40; 
col. 57 line 60 - col. 58 line 63). 

23. As per claim 8, O'Neil teaches the invention as claimed, including a method as in claim 
3, in which the filtering condition is the presence in the I/O data of a copy protection indication 
(Abstract, col. 56 lines 5-40; col. 57 line 60 - col. 58 line 63). 

24. As per claim 21, O'Neil teaches the invention as claimed, including a miethod as in claim 
1, in which: 

the device is a network connection device (Abstract, col. 56 lines 5-40; col. 57 line 60 - 
col. 58 line 63); 

the requested I/O operation is a transfer of data between the VM and the network 
connection device (Abstract, col. 56 lines 5-40; col. 57 line 60 - col. 58 line 63); and 

the step of performing the transformation comprises changing at least a portion of the 
data during the transfer between the VM and the network connection device (Abstract, col. 56 
lines 5-40; col. 57 line 60 - col. 58 line 63). 

25. As per claim 22, O'Neil teaches the invention as claimed, including a method as 'in claim 
21, in which the step of performing the transformation of the I/O data comprises encrypting data 
written by the VM to the network connection device and decrypting data read from the network 
connection device by the VM (Abstract, col. 56 lines 5-40; col. 57 line 60 - col. 58 line 63). 
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26. As per claim 23, O'Neil teaches the invention as claimed, including a method as in claim 
21 , in which the step of performing the transformation of the I/O data comprises compressing 
data written by the VM to the network connection device and decompressing data read from the 
network connection device by the VM (Abstract, col. 56 lines 5-40; col. 57 line 60 - col. 58 line 
63). 

27. As per claim 24, O'Neil teaches the invention as claimed, including a method as in claim 
1, in which the step of performing the transformation of the I/O data comprises cryptographic 
transformation of the I/O data (Abstract, col. 56 lines 5-40; col. 57 line 60 - col. 58 line 63). 

28. Claims 6-7 and 15-17 are rejected under 35 U.S.C 103(a) as being unpatentable 
over Cota-Robles in view of Pasieka (USPN 6,587,945). 

29. As per claim 6, Pasieka teaches the invention as claimed, including a method as in claim 
3, in which: 

the I/O data includes image data (col. 4 line 58 - col. 5 line 17); 

the step of filtering the I/O data comprises detecting the presence of a representation of a 
target image within the image data (col. 4 line 58 - col. 5 line 17); and 

the transformation is substitution of a representation of a replacement image in place of 
the representation of the target image (col. 4 line 58 - col. 5 line 17). 
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30. It would have been obvious to one of ordinary skill in the art to combine Cota-Robles 
with Pasieka since Cota-Robles, while presenting a method of representing a processing device 
in a virtual machine to control input and output, does not present specific types of input/output 
devices, or how certain features therein would be implemented. In systems that utilize virtual 
machines, Internet applications or other network computing is very common. Along with this 
type of processing comes a transfer of image data or other display data. While Cota-Robles 
mentions this type of input/output briefly, it does not specifically address how the transmission 
of these images would be protected. Pasieka provides such a method of digitally signing an 
image before it is transferred, such that the origin and integrity of a document or image can be 
verified before it is displayed on a user's screen. 

31. As per claim 7, Pasieka teaches the invention as claimed, including a method as in claim 
6, in which: 

the I/O data is in a non-character image format (col. 4 line 58 - col. 5 line 17); 
the target image is a representation of a restricted character string (col. 4 line 58 - col. 5 
line 17); and 

the step of filtering the I/O data comprises applying character recognition to the I/O data 
(col. 4 line 58 - col. 5 line 17). 

32. As per claim 15, Pasieka teaches the invention as claimed, including a method as in claim 
1 , in which: 

the device is a display (col. 4 line 58 - col. 5 line 17); 
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the display renders data stored in a display map (col. 4 line 58 - col. 5 line 17); and 
the step of performing the transformation comprises altering a selected portion of the 
display map (col. 4 line 58 - col. 5 line 17). 

33. As per claim 16, Pasieka teaches the invention as claimed, including a method as in claim 
15, in which the step of altering the selected portion of the display data comprises substituting 
non-defeatable display data for the selected portion (col. 4 line 58 - col. 5 line 17). 

34. As per claim 17, Pasieka teaches the invention as claimed, including a method as in claim 
15, in which the step of altering the selected portion of the display data comprises changing all 
occurrences in the display map of a display color to a replacement color (col. 6 lines 15-54). 

35. Claims 12-14 are rejected under 35 U.S.C. 103(a) as being unpatentable over Cota- 
Robles in view of Narlikar et al. (US 2002/0069241). 

36. As per claim 12, Narlikar teaches the invention as claimed, including a method as in 
claim 11, in which the transformation is a bandwidth limiting of the I/O data being transferred 
between the VM and the network connection device (Abstract, paragraphs 0003-0005, 0012, 
0019). 
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37. It would have been obvious to one of ordinary skill in the art to combine Cota-Robles and 
Narlikar since in a networked computing environment, processing bottlenecks can lead to loss of 
data, inconsistent processing, or other failures. This particular type of input/output processing 
must be accounted for in a network environment. Often, such issues are handled by proxy 
servers that distribute loads evenly among servers, such that one node does not handle an 
excessive amount of requests. Pasieka provides such a proxy method, wherein if a request is 
directed to a heavily loaded node, the request is redirected to a proxy server, which determines 
the best way to distribute that request. Thus, processing throughput can be improved giving rise 
to more reliable and efficient processing. 

38. As per claim 13, Narlikar teaches the invention as claimed, including a method as in 
claim 1 1, in which: 

the requested I/O operation is a transfer of the I/O data between the VM and the network 
connection device (Abstract, paragraphs 0003-0005, 0012, 0019); and 

the transformation is a time delay of the transfer (Abstract, paragraphs 0003-0005, 0012, 

0019). 

39. As per claim 14, Narlikar teaches the invention as claimed, including a method as in 
claim 11, in which: 

the requested I/O operation is a transfer of the I/O data from the VM to a first destination 
address via the network connection device (Abstract, paragraphs 0003-0005, 0012, 0019); 
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the transformation is a redirection of the I/O data to a second destination address different 
from the first (Abstract, paragraphs 0003-0005, 0012, 0019). 

40. Claims 18-20 are rejected under 35 ILS.C. 103(a) as being unpatentable over Cota- 
Robles in view of Samar (US 2002/0078049). 

41. As per claim 18, Samar teaches the invention as claimed, including a method as in claim 
1, in which: 

the device is a data storage device (Abstract, 0029, 0030, 0040, 0041); 

the requested I/O operation is a transfer of data between the VM and the storage device 
(Abstract, 0029, 0030, 0040, 0041); and 

the step of performing the transformation comprises changing at least a portion of the 
data during the transfer between the VM and the storage device (Abstract, 0029, 0030, 0040, 
0041). 

42. It would have been obvious to one of ordinary skill in the art to combine Cota-Robles and 
Samar since Cota-Robles, while presenting a method of representing a processing device in a 
virtual machine to control input and output, does not present specific types of input/output 
devices, or how certain features therein would be implemented. Modern computing utilizes data 
stores and databases to store sensitive data. With this advent in computing, protecting the 
integrity of the data is of utmost importance. Samar provides a method of determining if data 
that is to be stored is of a sensitive nature, and if so, encrypting the data such that it can be 
protected against unauthorized access. 
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43. As per claim 19, Samar teaches the invention as claimed, including a method as in claim 
18, in which the step of performing the transformation of the I/O data comprises encrypting data 
written by the VM to the data storage device and decrypting data read from the data storage 
device by the VM (Abstract, 0029, 0030, 0040, 0041). 

44. As per claim 20, Samar teaches the invention as claimed, including a method as in claim 
18, in which the step of performing the transformation of the I/O data comprises compressing 
data written by the VM to the data storage device and decompressing data read from the data 
storage device by the VM (Abstract, 0029, 0030, 0040, 0041). 

Response to Arguments 

45. Applicant's arguments with respect to claims 1-32 have been considered but are 
moot in view of the new grounds of rejection. 

46. Applicant's arguments are directed to Cota-Robles and Mueller, alleging that both 
references fail to teach input/output transformations in the virtual machine monitor being adjunct 
to necessary completion of those operations. The rejection in view of Mueller has been 
withdrawn, and a closer look at Cota-Robles indicates that this feature is actually supported. 
This issue is addressed above in paragraph 5. 
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Conclusion 



47. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Syed J. Ali whose telephone number is (571) 272-3769. The 
examiner can normally be reached on Mon-Fri 8-5:30, 2nd Friday off. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Meng-Ai T. An can be reached on (571) 272-3756. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 





Syed Ali 
October 5, 2005 



